According to Flexera's 2023 State of the Cloud Report, 87% of organizations are adopting multi-cloud and 72% are choosing a hybrid cloud approach, so protecting cloud applications and assets has never been more urgent.
The siloed nature of hybrid cloud architectures means cloud security is no easy task, and cybersecurity teams often need to prioritize security actions.
To meet the growing demand, cloud security providers offer a variety of tools. Traditionally, these tools use “agents,” which are special software components installed on devices to perform security-related actions such as scanning and reporting, rebooting systems, and applying patches.
Solutions that traditionally work this way include cloud security posture management (CSPM) tools, cloud infrastructure entitlement management (CIEM) engines, and cloud workload protection platforms (CWPP). These are increasingly being packaged under the umbrella of a cloud-native application protection platform (CNAPP).
“The main challenge with these products is the need to deploy an agent on each device, which can be difficult as it can conflict with other departments within the company. For example, the legal team may not allow agents to be deployed on systems that have already been approved,” said Deepinder Chhabra, ISACA board advisor on information security, during the Cloud & Cyber Security Expo in London on March 9th.
The proliferation of agent-based cloud security solutions is causing agent fatigue for security professionals, Jaime Franklin, Head of Global Cloud Solutions Sales for Uptycs, argued in a session at the Cloud & Cyber Security Expo.
“They had to deploy all the different agents, make sure they were in line with the DevOps pipeline, manage them, and defend how useful the agents were versus the overhead from a performance perspective. I’m sick of it. They’re really looking for something different,” he said.
Agentless cloud security providers such as Cloudnosys, Orca Security, Sysdig, and Cyscale have emerged over the past five years to provide alternatives.
“Agentless solutions are much easier to deploy. In seconds, we can capture snapshots from cloud assets and applications on all devices and send them back for analysis,” explains Franklin.
Complete visibility v Real-time analysis and prevention
However, agentless products typically don’t offer real-time security analytics, Franklin points out.
“These are built to deliver a new scan every 24 hours, so if you run a snapshot scan, you’ll have to wait a full day between scans unless you request an ad-hoc scan. Within 24 hours, a lot of things can happen in an agent-based solution that provides real-time telemetry,” he said.
And agent-based cloud security solutions don’t just provide security analytics, they also provide actual defense, Franklin said.
“For example, agentless CSPM may be better suited for analyzing cyber events on open ports than on agent-based ports because it can correlate different information from multiple parts of the system. But no. If it’s agent-based, it can be fixed,” he explained.
Agentless cloud security solutions haven’t killed the need for agent-based security solutions, says Dazz co-founder and CTO Tomer Schwartz.
“Like elsewhere, there are no silver bullets for cloud security. Agentless cloud security solutions enable organizations to rapidly deploy a few basic cloud security capabilities to large-scale workloads, which is also particularly useful for compliance purposes,” Schwartz said during a session at the Cloud & Cyber Security Expo.
Franklin says: “Maturity and where you are in the cloud adoption journey are key to choosing between agent and agentless solutions. You told me you wanted an agentless solution because you lacked the set and it didn’t make sense to try to manage the deployment of agents. It would help us to initiate at least something to protect the
Chhabra agrees. “Maybe this agentless solution doesn’t give him 100% of the features he was looking for in the first place, but I’m happy with 80% for now.”
However, moving from agentless to agent-based solutions can also be very difficult, so organizations should be very careful about what they sign up for.
“When the Log4j vulnerability hit, some customers thought that agentless cloud security tools would have defensive capabilities, but they didn’t. Some people built a second solution based on that, which meant managing multiple solutions, user interfaces (UIs), and backends, which meant more complexity,” he warned.